Microsoft Surface Pro Tablet for Incident Response

What you hoping to use the tablet for? A quick triage, imaging or a full blown investigation??

Triage and imaging to a my CRU RTX array. Thought it was a nice idea because it has a a decent processor for a tablet and it's Windows.

maybe give Encase Imager a go. I have downloaded it but yet to have a play around with it.

Maybe see if you could run the Sans SIFT kit in a VM from it. That has some good free tools that could be useful i.e Volatility, BulkExtractor and foremost.

AD Registry viewer.

A internet browser tool like IEF5 or Netanalysis etc

List is endless but thats what I would play around with especially the potential to run a VM on it.

Is the Encase Imager a open download like FTK Imager? The reason I ask is because we are a FTK house and do not have licenses for log ins for Encase. I like the idea of using IEF. Any other things that you would toss on there?

Tom

Its free to use, no dongle needed. I haven't tried it but someone posted about it in the Software section of this forum. It might be good it might be rubbish.

Maybe XRY if you have it, incase you encounter a phone that Cellebrite doesn't support.

Where would I download it?

Thought it was a nice idea because it has a a decent processor for a tablet and it's Windows.

In general, you usually want decent I/O throughput – does it provide that? It doesn't seem obvious that it should, so I'd probably test it first.

It is surprisingly quick. It recovered an iPhone pin in short time and f response we able to download a gmail box I. About 15 min. The box contained about 4000 emails. Is there any way to get my hands on encase imager? The link provided in other forums gave me access denied issues? Also , what else do you think should go on it?